Register rust-libp2p with Github's Dependabot #1743
Description
As the title says, I would like to suggest registering rust-libp2p with Github's Dependabot.
Dependabot creates pull requests to keep your dependencies secure and up-to-date.
You can find more details here: https://dependabot.com/
I think Dependabot would remove a lot of toil around dependency management for us maintainers. At the same time it would ensure that rust-libp2p uses most recent versions of its dependencies and thus enforcing rust-libp2p staying in sync with recent security releases. I am personally using it on most of my personal projects, thus far without issues.
What do people think? Any objections?